Movable Type Rich Text Editor脚本注入漏洞

Movable Type是一款基于WEB的网络博客系统。 由于通过网页键入的输入在富文本编辑器显示之前缺少过滤。在恶意数据被查看时，攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 下列产品和版本存在漏洞： Movable Type Pro version 6.0 Movable Type Pro versions 5.2.x, 5.1x, and 5.0x Movable Type Open Source MTOS versions 5.2.x, 5.1x, and 5.0x Movable Type Advanced / Movable Type...

CVE-2008-5808

CVE-2008-5808 is an XSS vulnerability in Six Apart Movable Type products: Movable Type Enterprise (MTE) 1.x before 1.56, Movable Type (MT) 3.x before 3.38, and MTOS/Movable Type Enterprise 4.x before 4.23. The root cause is a cross-site scripting flaw that allows remote attackers to inject arbitr...